• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    ipxe https

    Scheduled Pinned Locked Moved Solved
    Bug Reports
    3
    7
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      datnt2509
      last edited by

      I try to start loading of files through https, but to me gives permission denied error message, tell that it is necessary to register in default.ipxe normally to be loaded? DOWNLOAD_PROTO_HTTPS and IMAGE_TRUST_CMD are included. To the FAQ it is it is unclear written I cannot understand, somebody can tried, tell in more detail as it becomes?

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by

        @datnt2509 Which version of FOG do you use? The most current version compiles iPXE for you including all the HTTPS stuff and certificates, so there shouldn’t be any need for manual compiling it.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        1 Reply Last reply Reply Quote 0
        • D
          DBCountMan
          last edited by

          the only time ive seen permission issues with ipxe is when the tftproot folder isnt public with read and execute, but that was on my freenas server using dnsmasq for dhcp and tftp. maybe check the permissions on /tftproot and /var/www/fog/service/ipxe.

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by

            @brakcounty While you are right it kind of sounds like @datnt2509 is running into an issue with trying to PXE boot from a HTTPS enabled FOG server. This is known to cause “permission denied” errors as well - not very user friendly but it’s iPXE’s way of telling that it can’t download via HTTPS (usually a trust issue).

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • D
              DBCountMan
              last edited by

              Right my freenas server is hosting on http not https via webdav. it is being hosted on an isolated network so i dont see the need to secure it, plus the webdav is set to read only. so FOG is set to ipxe over https by default? how can trust be established at the BIOS or UEFI level?

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by

                @brakcounty said in ipxe https:

                so FOG is set to ipxe over https by default? how can trust be established at the BIOS or UEFI level?

                No it’s not by default. There is a flag for the installer to make it use HTTPS (--force-ssl).

                The trust chain is not going all the way down to BIOS/UEFI firmware. When installing FOG with SSL/HTTPS it compiles iPXE binaries for you that include the self-signed certificate used for HTTPS communication within FOG. So loading iPXE via TFTP can still be considered untrusted but iPXE itself loading the boot menu and FOS kernel is kind of trusted. Be aware that we are not doing this to establish some kind of full trust chain like mechanisms like Secure Boot and other means of DRM work. It’s more a thing of providing a secure channel between client and server.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by

                  Found and fixed, details see here: https://forums.fogproject.org/topic/14115/boot-php-permission-denied

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  1 Reply Last reply Reply Quote 0
                  • 1 / 1
                  • First post
                    Last post

                  195

                  Online

                  12.0k

                  Users

                  17.3k

                  Topics

                  155.2k

                  Posts
                  Copyright © 2012-2024 FOG Project